Hello everyone,
I have just recently migrated my gateway away from smoothwall and
am now using m0n0wall. All has gone well so far with the exception of
one minor problem. I run a Counter Strike: Source dedicated server from
my home. Unfortunately my server is not visible to anyone looking
through the steam list; however, anyone can join using the direct IP (or
by adding it as a favorite). As you might imagine, this is a problem for
me.
The following is the output of the status page of my router:
unparsed ipnat rules:
map rl1 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl1 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map rl1 192.168.1.0/24 -> 0/32
map rl1 192.168.4.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl1 192.168.4.0/24 -> 0/32 portmap tcp/udp auto
map rl1 192.168.4.0/24 -> 0/32
rdr rl1 0/0 port 3389 -> 192.168.4.4 port 3389 tcp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 udp
rdr rl1 0/0 port 27015 -> 192.168.4.4 port 27015 tcp
unparsed ipfilter rules:
# loopback
pass in quick on lo0 all
pass out quick on lo0 all
# block short packets
block in log quick all with short
# block IP options
block in log quick all with ipopts
# allow access to DHCP server on LAN
pass in quick on dc0 proto udp from any port = 68 to 255.255.255.255 port = 67
pass in quick on dc0 proto udp from any port = 68 to 192.168.1.1 port = 67
pass out quick on dc0 proto udp from 192.168.1.1 port = 67 to any port = 68
# WAN spoof check
block in log quick on rl1 from 192.168.1.0/24 to any
block in log quick on rl1 from 192.168.4.0/24 to any
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
pass out quick on rl1 proto udp from any port = 68 to any port = 67
block in log quick on rl1 proto udp from any port = 67 to 192.168.1.0/24 port = 68
pass in quick on rl1 proto udp from any port = 67 to any port = 68
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
block in log quick on dc0 from ! 192.168.1.0/24 to any
block in log quick on rl0 from ! 192.168.4.0/24 to any
# block anything from private networks on WAN interface
block in log quick on rl1 from 10.0.0.0/8 to any
block in log quick on rl1 from 127.0.0.0/8 to any
block in log quick on rl1 from 172.16.0.0/12 to any
block in log quick on rl1 from 192.168.0.0/16 to any
# Block TCP packets that do not mark the start of a connection
skip 1 in proto tcp all flags S/SAFR
block in log quick proto tcp all
#---------------------------------------------------------------------------
# group head 100 - LAN interface
#---------------------------------------------------------------------------
block in log quick on dc0 all head 100
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on dc0 all keep state
#---------------------------------------------------------------------------
# group head 200 - WAN interface
#---------------------------------------------------------------------------
block in log quick on rl1 all head 200
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on rl1 all keep state
#---------------------------------------------------------------------------
# group head 300 - opt1 interface
#---------------------------------------------------------------------------
block in log quick on rl0 all head 300
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on rl0 all keep state
# make sure the user cannot lock himself out of the webGUI
pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state group 100
# User-defined rules follow
pass in quick proto udp from any to 192.168.4.4 port = 27015 keep state group 200
pass in quick proto tcp from any to 192.168.4.4 port = 27015 keep state group 200
pass in quick from 192.168.4.0/24 to !192.168.1.0/24 keep state group 300
pass in quick proto udp from 192.168.4.0/24 to any port = 53 keep state group 300
pass in quick proto icmp from 192.168.4.0/24 to !192.168.1.0/24 keep state group 300
pass in quick from 192.168.1.0/24 to any keep state group 100
block in quick proto udp from any to any port 2082 >< 2085 group 200
block in quick proto udp from any to any port 1025 >< 1028 group 200
pass in quick proto icmp from any to any keep state group 200
pass in quick proto tcp from 70.***.***.*** to 192.168.4.4 port = 3389 keep state group 200
#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all
block out log quick all
If anyone is running a server of this type behind m0n0wall, or knows
what's going on here, please help me. :)
Thanks,
Magikman